On 08/16/2014 08:11 AM, Alexey Perevalov wrote:
Hello Daniel, I have a question regarding xt_cgroup, again ) I'm interested in why you added the check for a non-zero id in cgroup_mt_check. With it, it's impossible to introduce some rules, like -m cgroup ! --cgroup 0. It could be useful for the end user, for example, to block all processes which were under cgroups, but not the whole traffic.
Yes, indeed, probably I was too focussed on [1] when in combination with cls_cgroup (as they use the same cgroup) it's non-zero anyway; but that doesn't make sense when in use as xt_cgroup stand-alone. I've sent a patch, thanks.

[1] Documentation/cgroups/net_cls.txt